Workshop @ Northsec 2019: Reversing WebAssembly Module 101


2019/05/21 @ Northsec 2019

WebAssembly (WASM) is a new binary format currently supported by all major browsers (Firefox, Chrome, WebKit/Safari and Microsoft Edge) and executed inside JS scripts. It is already used for malicious purposes like cryptojacking and can be found inside some web browser add-ons.

In this workshop, I will first introduce WebAssembly concepts and explain why it is considered a “game changer for the web”. Secondly, I will present different techniques (static and dynamic analysis) and tools (Octopus, Wasabi, …) for analyzing a WebAssembly module. Finally, we will get hands-on with basic examples (crackmes) and go through some real-life cryptominers and web browser plugins that use WebAssembly modules.

Throughout the talk, I will only use open source tools.

  1. Introduction
  2. WebAssembly Basics
  3. WebAssembly Runtime VM
  4. WebAssembly VM internals
  5. Module dissection
  6. Program analysis
  7. Wasabi
  8. Cryptominers
  9. Firefox addons analysis
  10. Conclusion

link / slides (not yet) / repository

Talk @ ESE #4: Introduction to PIN, a DBI (Dynamic Binary Instrumentation) framework



2016/05/21 @ ESE #4

Dynamic Binary Instrumentation (DBI) is a technique for analyzing and modifying the behavior of a program when it is executed.

The best-known frameworks include Valgrind, DynamoRIO and PIN. The latter is developed by Intel and has a simple and functional API.

The purpose of this presentation is to show what such a tool can do and to walk through an example using a crackme.


slides (fr)